Introduction: Cracking/Hacking Windows Passwords (UPDATED: VISTA Too!!)

Instructional/Educational Purposes only.
Be nice kids.

First of all, and I have to say this because of some recent comments: this is not a virus, and it will not delete any files from your computer. In fact, ophcrack, the software we're going to use, is a very popular password cracker. Google it or look it up on Wikipedia if you don't believe me.

This works for WINDOWS ONLY

This will crack all Windows passwords of up to 14 characters on a computer.
You need physical access to the computer.
You don't need to be logged in (that's what this is for).
It will tell you all user names and passwords on the computer.

Step 1: Get the Resource

1. Go here:

2. Download the latest version of the ophcrack LiveCD. To crack passwords on an XP computer select 'ophcrack XP LiveCD'. To crack passwords on a Vista computer select 'ophcrack VISTA LiveCD'.

3. The file you download is a CD image (.iso format). Open it on a computer with a CD writer and CD-writing software (e.g. Nero, Roxio, Record Now, or whatever you have) and it will write that image to a CD.
So, make the CD.

Step 2: Crack

1. Make sure the computer you intend to crack is off.

2. Turn it on, and immediately insert the CD you just created.

3. By this time, Windows might have started loading. If so, turn the computer off by holding down the power button and then turn it on again. What you want to do is boot from the CD. This can be done in two ways:
a. Often pressing one of the function keys (depending on the manufacturer) takes you into the BIOS setup (the first splash screen that appears when you turn on your computer should tell you which one: often F2, F11 or F12). There, look around until you find where you can change the boot order (this differs from company to company depending on your computer brand). Change the boot order so the computer first boots from CD, then from the hard disk.
b. There is often another function key (again depending on the manufacturer) which takes you into the boot selection menu, where you can select what to boot from. Choose boot from CD.

4. Watch as the CD loads. It will load a temporary version of Linux into RAM, dump all user names into a box and start processing. This software can only crack passwords of up to 14 characters. As it deciphers the passwords, it will decipher each password in two blocks of 7 characters each, and then show you the whole password as a combination of those two under the column labeled 'net password'.

5. Voila! In about 5-10 minutes you have all the user names and passwords on that computer.
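An added defender's check that is not part of the original guide: because step 4 shows the LM hash being attacked as two 7-character halves, the script below reads a pwdump-format dump (the sample lines are constructed, not real hashes) and reports which accounts still store an LM hash and so are exposed to that split, using the well-known hash-of-empty-string constants.

```python
"""Audit a pwdump-style dump for accounts that still carry an LM hash.

Each LM half that equals the hash of the empty string tells you that
half of the password is empty, which is exactly the 7+7 weakness the
guide describes. The dump lines below are constructed for this example.
"""

# Well-known values: each 16-hex-digit half of the LM hash for an empty
# 7-character block, and the NT hash of the empty password.
EMPTY_LM_HALF = "aad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"

# Constructed sample in pwdump format: user:rid:lmhash:nthash:::
SAMPLE_DUMP = """\
Administrator:500:0123456789abcdef0123456789abcdef:fedcba9876543210fedcba9876543210:::
shortuser:1001:0123456789abcdefaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
longpass:1002:aad3b435b51404eeaad3b435b51404ee:fedcba9876543210fedcba9876543210:::
Guest:501:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0:::
"""


def classify(lm_hash, nt_hash):
    """Return a short verdict for one account based on its stored hashes."""
    lm = lm_hash.lower()
    first, second = lm[:16], lm[16:]
    if nt_hash.lower() == EMPTY_NT:
        return "blank password"
    if first == EMPTY_LM_HALF and second == EMPTY_LM_HALF:
        # No LM hash stored: password is 15+ chars or LM storage is disabled.
        return "no LM hash (not exposed to the 7+7 split)"
    if second == EMPTY_LM_HALF:
        return "LM hash, password is 1-7 characters (one half to crack)"
    return "LM hash, password is 8-14 characters (two halves to crack)"


def audit(dump):
    """Parse pwdump lines and map each user name to its verdict."""
    results = {}
    for line in dump.splitlines():
        fields = line.split(":")
        if len(fields) < 4 or len(fields[2]) != 32 or len(fields[3]) != 32:
            continue  # skip malformed lines rather than guessing
        user, _rid, lm, nt = fields[:4]
        results[user] = classify(lm, nt)
    return results


if __name__ == "__main__":
    for user, verdict in audit(SAMPLE_DUMP).items():
        print(f"{user}: {verdict}")
```

Vista and later do not store LM hashes by default; on XP the mitigation is a password of 15 or more characters or turning on the NoLMHash policy, either of which makes an account show up as "no LM hash" here.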


SaraM6, 2016-02-20

I have completed everything, but it says that the password could not be found. Any suggestions as to what to do next?

requirehelp, 2013-09-16

After launching the CD it comes to a screen that says "Welcome to open source SliTaz boot time: 12 s. Run: 'ophcrack dialog' to search again for tables. tux@slitaz:~$" I'm assuming it is waiting for a command. I have a Vista HP laptop and made sure I downloaded the live CD for Vista. Can anyone help?

Dashadower, 2012-06-17

Use Daemon Tools as CD-making software.

AndiLea91, 2011-03-26

OK, so I put the boot-up menu in the right order: I went into the BIOS setup and changed the boot sequence to "CD/DVD/CD-RW Drive" then "Internal HDD", and I hit Esc, and then it went through the black Linux screen and scrolled down and then went to this white screen that says "ophcrack Live CD" with 4 characters to the side and options to the right, asking for "ophcrack Graphic mode - automati, manual. low ram, and text mode." It started automatically in auto mode and then went to this black screen again and loaded a bunch of dots.

After that it went to this next screen that was all brown and had a large OS in the corner and ophcrack LiveCD along the top and this black box menu that stated "tables found (mntsr0tablesvista_free)", and "list of windows partitions containing hashes (0. mnt/s da2/windows/system32/config)(1. /mnt/s da3/windows/system32/config)", and then "select the partition to crack::" ... What did I do wrong, or what am I supposed to do? I have a Dell Studio with Windows Vista. Please help.

Splicer02, 2011-01-28

Why is this under "Props"?

shortman, 2008-05-08

I have tried about 7 of these Instructables to get around or reset the admin password and NONE OF THEM work.

jcksparr0w (replying to shortman), 2010-04-12

I've tried at least 15 of them already and it's just like you say. NONE OF THEM WORK!!!!

Muscelz (replying to shortman), 2009-02-02

Try this program called password-nuker; it resets your SAM file on boot.

kerpaul (replying to shortman), 2008-06-18

Try my Instructable. You don't need any software, just an account on the computer or on the computer's network.

Boom-Man (replying to kerpaul), 2008-09-16

I read your Instructable. First of all, the account needs to be an administrator; also, it does not work for Vista. I don't really like it (no offence to you whatsoever).

kerpaul (replying to Boom-Man), 2008-09-16

Boom-Man, the account does NOT need to be an administrator (at least not on the computers I've tried; I have no clue where you've tried). I never said it would work for Vista; it says WINDOWS XP in there, just read it carefully. I really don't care that much whether you like it or not; any feedback is good feedback.

damasta (replying to shortman), 2008-05-24

Try harder, but you're right, most of them only work when you're already admin... This will work (if booting from CD isn't locked down in the BIOS). Mine will work too; I haven't seen other methods on here.

ian bernal, 2010-01-20

Hello! Nice to have this tool. Do you know if it works on Windows 7?

nightangle (replying to ian bernal), 2010-02-22

No, I do not know anything about hacking.

shortman, 2008-05-08

AVG says this is an unwanted risky file. It did not load to CD but installed on download computer. This is a bad file to try to use.

A.C.E. (replying to shortman), 2009-06-17

And you must have downloaded the executable file. If you want to burn it to a disc you need the ISO.

HardCoreHacker (replying to shortman), 2009-10-31

Of course it says it's risky! It's a password cracker, stupid.

NetDex, 2009-12-03

Technically, every anti-virus scanner I use says something like this: "Warning! Virus PSW.PSWdump has been found" or something like that.

NetDex (replying to NetDex), 2009-12-03

It goes like this: (Unclassified Threat)

gamerguy13, 2009-10-30

How do you get the Windows Vista startup to look like that?

spartan 2209, 2009-10-10

Wow, are you forgetting the TINY detail that you have to be an administrator to download and install. Good try though.

blacjack1, 2009-10-02

I had my doubts as to whether this would actually work, but my first comment turned around and bit me in the arse and I was totally amazed that it worked. But seriously, it went to my head a little bit and I kinda went crazy (me and a friend) at school with this. Found the Head Admin's PW, all the head teachers' PWs, everyone's. Pretty cool if you ask me.

Muscelz, 2008-09-19

Look 'em up, make 'em, USE 'EM!!! You can crack a 14 number-and-letter password in approx. 2 mins max.

He he he he, I got 125 GB of tables; I can crack NT LM passwords (number/letter/symbol) at a 96% hit rate :) **evil laugh** OK, very serious.

here are some helpful things to follow

Scorpio_ctza (replying to Muscelz), 2008-11-21

If I have used pwdump to get a list of usernames and passwords, how do I crack the hashes?

Muscelz (replying to Scorpio_ctza), 2009-05-09

1st step: learn about rainbow files; learn what your variables could be, or what your possible variables could be.
2nd: make rainbow files.
3rd: download Cain & Abel or another program that's similar, and be on your way.
4th step: if you're lazy and don't care about time, use a bruteforcer.


The Miracle Man (replying to Muscelz), 2009-09-29

"2nd make rainbow files" Have you ever created rainbow tables? Do you know how CPU intensive and time consuming this is? Especially if you need a full character set table generated. Not to mention if you need more than 8 characters. You'll need 100 GPUs running about 2 years to generate a highly successful and reliable rainbow table.

knex_mepalm (replying to Muscelz), 2009-08-08

Useless, my computer file is 100 letters randomly typed and now remembered by me; I remember the whole thing!!!! You can't crack that in less than 10 hours, I bet.

Muscelz (replying to knex_mepalm), 2009-08-15

I know how to generate new SAM files. If cracking doesn't work, I'll just replace the SAM file, leaving no passwords.

knex_mepalm (replying to Muscelz), 2009-08-15

I did a 512-bit encryption and I made it so it is impossible to delete unless you fry the CPU or something.

Muscelz (replying to knex_mepalm), 2009-08-16

Haha, nah, it doesn't work that way. The SAM file contains info about the PC including specs, keys, passwords etc. etc. As long as I've got the CD key I can replace the SAM file. Just gotta detect specs, enter the product key and it's ready to go. LM and NTLM encryptions don't faze me anymore.

knex_mepalm (replying to Muscelz), 2009-08-18

I put it into an encryption folder.

Muscelz (replying to knex_mepalm), 2009-08-18

My 3.3 GHz i7 975 can smash that 512-bit encryption within a month.
I can crack (in real-time mode):
Rijndael 128-256
Triple DES 128
DES 56
Blowfish 128
PK v2.04g

And you can delete it; an encrypted file can be deleted. It just means it can't be read without being decrypted. From my perspective you don't know what you're talking about.
AES 128-256

knex_mepalm (replying to Muscelz), 2009-08-19

Oops, I typed it wrong. I put it in a folder which has a password on it, and if you want to delete it you need to crack the password, but if you wanna read it you gotta crack another one.

Muscelz (replying to knex_mepalm), 2009-08-20

Ha, it doesn't work like that. All you gotta do is stop that process that's running that's "protecting" that file. Once the process has been ended the file is open for deletion. Or if that doesn't work, which it will (100%), just pop in my Debian flash drive and delete that sucker... No way you can stop me from deleting anything or cracking it unless I don't have the algorithm or I can't identify the encryption type.

The Miracle Man (replying to Muscelz), 2009-09-29

What if the BIOS is password protected and doesn't allow booting from external media (of course there are ways around that)? On top of that, what if the entire hard drive is encrypted, with say... TrueCrypt? Combine those two with the encryption on the folders, and I hate to say it, but the likelihood you'll succeed in our lifetime is about .001%.

The Miracle Man (replying to Muscelz), 2009-09-29

The deletion I'll agree with you, but would need to be done in offline mode, or with system/root level permissions. As for your comment on cracking, apparently you forgot to mention there can be no time constraints. I'll give you the benefit of the doubt, you can crack anything, but the cracking process may not finish in this century.

knex_mepalm (replying to Muscelz), 2009-08-20

Hmmmmm. That gives me an idea. Say, are you good at cracking?

Muscelz (replying to knex_mepalm), 2009-08-21

Yes, of course I am, and I'm not decrypting for the hell of it.

Muscelz (replying to Muscelz), 2009-08-18

Oops, AES 128-256 was meant to be under PK v2-04g.

The Miracle Man (replying to Muscelz), 2009-09-29

What's the character set on your NTLM tables? Character length? Does it support Unicode? If I use a 128 character length password, your 10 character length limited NTLM rainbow table will NOT crack that. If you attempt brute force, your computer will give out before you ever get it cracked.